Job Description

Knowledge, Skills, and Abilities (KSAs)

Knowledge of:

• Microsoft Sentinel architecture, SOAR, and UEBA capabilities.

• Azure cloud services, Logic Apps, Azure Functions, Event Hubs, Key Vault, and Azure AD.

• Security operations processes (triage, threat detection, incident response, threat modeling).

• MITRE ATT&CK, NIST CSF, Zero Trust Architecture concepts.

• Programming and scripting languages (Python, PowerShell, KQL, C#, JavaScript, or equivalent).

• CI/CD pipelines, DevOps practices, and Git-based version control.

• API integrations and JSON/YAML structures.

Skills in:

• Building Logic App workflows and custom Sentinel automation playbooks.

• Writing complex KQL queries for analytics, hunting, and behavioral detection.

• Developing custom connectors, data maps, and parsers.

• Designing and optimizing UEBA detection models.

• Debugging SOAR workflows and resolving integration issues.

• Communicating technical information clearly to both technical and non-technical audiences.

Abilities to:

• Work independently and take ownership of complex development tasks.

• Translate security requirements into scalable technical solutions.

• Analyze threat behaviors and develop meaningful detections.

• Work collaboratively with cybersecurity, infrastructure, and application teams.

• Manage multiple work assignments and meet deadlines.

Minimum Requirements:

Required Graduation from an accredited four-year college or university with major coursework in computer science, computer information systems, software engineering, cybersecurity, or a related field.

• Required Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.

• Required Two (2) years of full-time experience in software development, cloud engineering, SIEM engineering, or cybersecurity engineering.

• Preferred Three (3) or more years of hands-on technical experience with Microsoft Sentinel.

• Preferred Experience developing UEBA models, anomaly detection rules, and behavior-based analytics.

• Preferred Experience building Security Automation Playbooks (SOAR).

• Preferred Microsoft certifications such as: SC-200: Security Operations Analyst, AZ-900 / AZ-104, SC-100 / SC-300

• Preferred Experience integrating Sentinel with EDR, IAM, firewalls, and ticketing systems.

• Preferred Experience with DevOps pipelines (GitHub, Azure DevOps).

• Preferred Experience working in a government, healthcare, or regulatory environment.

Job Tags

Similar Jobs